Login data for more than half a million records tied to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal and vehicle data of drivers and businesses using its service. 

The leaked repository was first spotted by the Kromtech Security Center, which blamed a misconfigured Amazon AWS S3 bucket that was left publicly accessible for an unknown period of time for the breach. Kromtech first noticed the cache on Sept. 18, according to experts, and the bucket was closed from public access hours after the security company alerted SVR on Sept. 20. The records included user login info like emails and passwords.

Hundreds of thousands of computers getting penetrated by a corrupted version of an ultra-common piece of security software was never going to end well. But now it's becoming clear exactly how bad the results of the recent CCleaner malware outbreak may be.

Researchers now believe that the hackers behind it were bent not only on mass infections, but on targeted espionage that tried to gain access to the networks of at least 20 tech firms. Earlier this week, security firms revealed that CCleaner, a piece of security software distributed by Czech company Avast, had been hijacked by hackers and loaded with a backdoor that evaded the company's security checks.

The top securities regulator in the United States said Wednesday night that its computer system had been hacked last year, giving the attackers private information that could have been exploited for trading.

The disclosure, coming on the heels of a data breach at Equifax, the major consumer credit reporting firm, is likely to intensify concerns over potential computer vulnerabilities lurking among pillars of the American financial system. The Securities and Exchange Commission said in a statement that it was still investigating the breach of its corporate filing system. The system, called Edgar, is used by companies to make legally required filings to the agency. 

Hackers have successfully breached CCleaner’s security to inject malware into the app and distribute it to millions of users. Security researchers at Cisco Talos discovered that download servers used by Avast (the company that owns CCleaner) were compromised to distribute malware inside CCleaner.

“For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner,” says the Talos team. CCleaner has been downloaded more than 2 billion times according to Avast, making it a popular target for hackers. 

An undocumented Microsoft Office feature allows attackers to gather sensitive configuration details on targeted systems simply by tricking recipients to open a specially crafted Word document—no VBA macros, embedded Flash objects or PE files needed.

The undocumented feature is being used by adversaries, according to Kaspersky Lab researchers, as part of a multistage attack that first involves gathering the system configuration data on targeted systems. “This code effectively sent information about the software installed on the victim machine to the attackers, including info about which version of Microsoft Office was installed,” wrote Kasperky Lab researchers. 

Switzerland’s defence ministry has foiled a cyber attack by malware similar to that used in other global hacking campaigns, the government said in a statement on Friday. The attack was detected in July by software that operated much like the Turla malware family, it said.

The government declined to give information about the origin of the attack or say if any damage including data theft had occurred. It cited security considerations. Government specialists took counter measures and an investigation is underway, while criminal charges have been lodged with federal prosecutors against persons unknown to them. 

Vevo has joined the growing list of media entities to fall victim to a security breach and release of internal documents.

The online music video service, a joint venture between music giants Universal Music Group, Sony Music Entertainment and Warner Music Group, was recently targeted by hackers who posted more than 3 terabytes of internal files online, experts reported late Thursday. The leaked files are mostly benign, experts reported, containing mainly office documents, videos and promotional materials. Vevo confirmed the breach, calling it the result of a phishing scam via LinkedIn.

Internet-of-things are turning every industry into the computer industry, making customers think that their lives would be much easier with smart devices. However, such devices could potentially be compromised by hackers. There are, of course, some really good reasons to connect certain devices to the Internet.

But does everything need to be connected? Of course, not — especially when it comes to medical devices. Medical devices are increasingly found vulnerable to hacking. Earlier this month, the US Food and Drug Administration recalled 465,000 pacemakers after they were found vulnerable to hackers. 

A missile control system developed by US defense contractor Raytheon is detailed in the CIA’s project ‘Protego,’ shared by WikiLeaks as part of the ‘Vault7’ series. WikiLeaks said the project differed to the “usual” malware development project from the CIA, with no indication as to why it’s contained within a repository of hacking techniques.

The release details micro-controller units which exchange data and signals over encrypted and authenticated channels, used on-board Pratt & Whitney aircraft equipped with missile launch systems. ‘Master Processor’ and ‘Deployment Box’ systems are on board the flight, with micro-controllers for the missile.

Modern smartphones take pains to “sandbox” apps, keeping them carefully segregated so that no mischievous program can meddle in another app’s sensitive business.

But security researchers have found an unexpected feature of Android that can surreptitiously grant an app the permission to not merely reach outside its sandbox but fully redraw the phone’s screen while another part of the operating system is running, tricking users into tapping on fake buttons that can have unexpected consequences. And while that hijacking of your finger inputs isn’t a new feat for Android hackers, a fresh tweak on the attack makes it easier than ever to pull off.